Andr/BBridge-A

Category: Viruses and Spyware
Protection available since: 09 Jun 2011 01:43:59 (GMT)
Type: Trojan
Last Updated: 01 Apr 2014 08:29:18 (GMT)
Prevalence: Small Number of Reports


Andr/BBridge-A is a Trojan family that targets Android devices. When first run, the Trojan drops its payload (located in “assets/anServerB.so” in the original package) as com.sec.android.bridge.apk and displays a button asking the user to install it.
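A defender-side check for the dropper layout described above, as an added example that is not Sophos's detection logic: it lists entries in an APK that are themselves Android packages but are not named like archives, as with the payload stored at assets/anServerB.so. The function names, the size cap and the in-memory sample are assumptions constructed for illustration.

```python
import io
import zipfile

# Asset path this page gives for the Andr/BBridge-A payload.
KNOWN_PAYLOAD_ASSET = "assets/anServerB.so"
ARCHIVE_EXTENSIONS = (".apk", ".zip", ".jar")
MAX_ENTRY_BYTES = 64 * 1024 * 1024  # assumed cap so huge entries are skipped


def is_android_package(data):
    """True if data parses as a ZIP that contains AndroidManifest.xml."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            return "AndroidManifest.xml" in inner.namelist()
    except zipfile.BadZipFile:
        return False


def find_disguised_packages(apk_bytes):
    """List entries that are Android packages but not named like archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if (info.is_dir() or info.file_size > MAX_ENTRY_BYTES
                    or name.lower().endswith(ARCHIVE_EXTENSIONS)):
                continue
            if is_android_package(apk.read(info)):
                findings.append({"entry": name, "size": info.file_size,
                                 "matches_page_indicator": name == KNOWN_PAYLOAD_ASSET})
    return findings


def build_sample():
    """Constructed sample: an APK-like ZIP holding a nested package and a real-looking .so."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("classes.dex", b"constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
        z.writestr("lib/armeabi/libexample.so", b"\x7fELF" + b"\x00" * 60)
        z.writestr(KNOWN_PAYLOAD_ASSET, inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(find_disguised_packages(build_sample()))
```

Because the check inspects content rather than the file name, it also flags a nested package stored under a different asset name; `matches_page_indicator` is true only for the path given on this page.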

The Trojan collects the following information and sends it to a remote site via HTTP:

  • Subscriber ID (e.g. IMSI for a GSM phone)
  • IMEI
  • Phone number
  • Network country ISO
  • Phone model
  • Android OS version
  • SIM card info


The payload also has the following functionality:

  • Send SMS messages
  • Scan SMS messages
  • Remove SMS messages from the inbox (such as messages from China Mobile that contain the message body “尊敬的用户,由于未经您的授权,本次请求未成功,如需使用,请致电10086进行开通,中国移动。”) in order to prevent users from receiving fee consumption updates

 

Examples of Andr/BBridge-A include:

Example 1

File Information

Size: 34K
SHA-1: adc8ac7b72a1055438773e7f075028df681d987c
MD5: b2d359952bce1823d29e182dacac159c
CRC-32: d0b2666c
File type: Android application package (APK) file
First seen: 2011-06-07

Example 2

File Information

Size: 1.9M
SHA-1: 000f6c8fbeada5dd49a58352acaaa0d045e4eb28
MD5: ea86a036826d8ffdb8fc5511239309c9
CRC-32: e733d131
File type: Android application package (APK) file
First seen: 2012-04-11

Example 3

File Information

Size: 1.3M
SHA-1: 000f7220cc52f8234b66d5d360d121de0733e303
MD5: 34d5356d7496bcb85fb1ca1577e790da
CRC-32: 52736226
File type: Android application package (APK) file
First seen: 2013-11-09
